Title of Presentation DD/MM/YYYY 1
Understanding the Pegasus Cyber Espionage Tool
What you need to know about Pegasus Spyware & How to protect yourself from this and other threats
Agenda
• Top 5 things to know about Pegasus
• The Story of Pegasus
• Technical details of Pegasus/Trident
• The Hacking Process & The Kill Chain
• How does Skycure protect your organization?
• Q&A
Top 5 things to know about Pegasus
1. Pegasus is zero-day spyware for iOS
2. Pegasus is a low probability, but high impact threat
3. Apple’s iOS 9.3.5 update will not detect or remove Pegasus
4. Pegasus exposes ALL messages, calls, emails, data, communications, audio, video…
5. Existence of other exploits like Pegasus is very likely
Colliding Trends
• Cyber attacks: PC → Mobile; Spam → Targeted; Annoying → Financial gain; Android → iOS
• Mobile technology: Call + text + mail + everything; Corporate → BYOD; Convenience → Productivity; Work hours → Always on
• Where the two trends collide: the best infiltration and espionage device ever
The Story
The players, and what happened:
• NSO Group (cyber war software): found vulnerabilities in iOS (didn't report them); Pegasus, a zero-day “lawful intercept” spyware product for governments, exploits 3 iOS vulnerabilities to jailbreak and take over mobile devices
• UAE (suspected; nation state): purchased Pegasus from NSO to spy on Ahmed Mansoor; sent an SMS message with a malicious URL capable of completely compromising his mobile device
• Ahmed Mansoor (human rights activist): smartly, did not click on the SMS link; contacted Citizen Lab for forensic analysis
• Citizen Lab (research laboratory): recognized the exploit as an NSO product; analyzed the exploit; contacted Lookout for support in the analysis; notified Apple of the vulnerabilities
• Apple (mobile devices): patched the three vulnerabilities and released the iOS 9.3.5 update; filed CVE reports
Trident: 3 Zero-Day iOS Vulnerabilities
• CVE-2016-4657: Memory Corruption in WebKit
- Vulnerability in Safari WebKit allows the attacker to compromise the device when the user clicks a link
• CVE-2016-4655: Information Leak in Kernel
- Kernel base mapping vulnerability that leaks information to the attacker, allowing them to calculate the kernel’s location in memory and so circumvent KASLR
• CVE-2016-4656: Kernel Memory Corruption Leads to Jailbreak
- Kernel-level vulnerability that allows the attacker to corrupt memory in a function, disabling the code signing requirement to silently jailbreak the device and install surveillance software that runs as if it were part of iOS
- Allows the attacker to circumvent all security measures
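A fleet-exposure check, added here as an example and not code from the deck or from Skycure: it compares each device’s reported iOS version against the 9.3.5 release that the deck says patched the three Trident CVEs, and splits an inventory into exposed and patched devices. The inventory format (records with `device` and `ios` keys) and the sample devices are constructed assumptions. The deck’s own caveat, that 9.3.5 does not detect or remove an implant already present, is why the patched list is still reported for review rather than dropped.

```python
"""Trident exposure triage over an MDM inventory export.

Added example, not Skycure's code. Assumptions (not from the deck): the
inventory is a list of dicts with 'device' and 'ios' keys; the sample
records below are constructed, not real devices.
"""

# The three Trident CVEs and the release that fixed them, as stated in the deck.
TRIDENT_CVES = ("CVE-2016-4657", "CVE-2016-4655", "CVE-2016-4656")
PATCHED_IN = "9.3.5"


def parse_version(text):
    """Turn '9.3.5' into (9, 3, 5); pad so '9.3' compares as (9, 3, 0).

    Raises ValueError on non-numeric input such as 'unknown'."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_exposed(ios_version):
    """True when the build predates the Trident fix."""
    return parse_version(ios_version) < parse_version(PATCHED_IN)


def triage(inventory):
    """Split an inventory into devices exposed to Trident and devices that
    carry the fix. A record whose version cannot be parsed is treated as
    exposed and annotated, since an unknown build cannot be cleared.

    Patched is not the same as clean: the deck notes that 9.3.5 closes the
    entry points but does not detect or remove an implant already on the
    device, so the patched list still needs an integrity review."""
    exposed, patched = [], []
    for rec in inventory:
        try:
            target = exposed if is_exposed(rec["ios"]) else patched
        except (KeyError, ValueError):
            exposed.append({**rec, "note": "unparseable version, treat as exposed"})
            continue
        target.append(rec)
    return exposed, patched


# Constructed sample MDM export (not real devices).
SAMPLE_INVENTORY = [
    {"device": "exec-ipad-01", "ios": "9.3.4"},
    {"device": "sales-iphone-07", "ios": "9.3.5"},
    {"device": "legal-iphone-02", "ios": "9.3"},
    {"device": "dev-iphone-11", "ios": "10.0.1"},
    {"device": "old-ipad-03", "ios": "unknown"},
]

if __name__ == "__main__":
    exposed, patched = triage(SAMPLE_INVENTORY)
    print("Exposed to", ", ".join(TRIDENT_CVES), "(update to", PATCHED_IN, "or later):")
    for rec in exposed:
        print(" ", rec["device"], rec["ios"], rec.get("note", ""))
    print("Patched (still verify no implant predates the update):")
    for rec in patched:
        print(" ", rec["device"], rec["ios"])
```

The version comparison is done on integer tuples rather than strings so that 10.0.1 correctly sorts after 9.3.5; a string comparison would call 10.x exposed.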
The Surveillance
(Diagram) Components shown: Kernel; App 1, App 2, App 3, App 4; Internet; Cloud Services; Corporate services; Command & Control Center. Controls shown as defeated (✗) once the kernel is compromised: Data encryption, Containers, VPNs, End-to-end encryption, Secure email (one item is marked ?).
Exploits Kernel and Legitimate Apps
Legitimate apps are patched in memory, not replaced by malicious apps.
App patching is not required for Pegasus to spy, but it provides context.
Emphasis on Stealth
Pegasus features designed to avoid detection:
• Throttle bandwidth based on connection
• Operate certain functions only when the device is idle
• Automatically uninstall if there is any chance of discovery
• Automatically revert to a legitimate website if the exploit fails
• Anonymizing proxy chain to obfuscate Command and Control
“In general, we understand that it is more important that the source will not be exposed and the target will suspect nothing than keeping the agent alive and working.” – NSO Group documentation
Skycure Mobile Threat Defense
• Mobile Threat Intelligence Platform: covers physical, network, vulnerability and malware threats
• Server-Side: advanced security, management console, automation & integration (security, visibility, IT satisfaction)
• End-User App: end-user satisfaction, detection & protection, no “Private APIs” (seamless experience, privacy, minimal footprint)
The Cyber Kill Chain
• Reconnaissance: Study the target, gather intelligence
• Weaponization: Design and build the exploit, research vulnerabilities
• Delivery: Social engineering – SMS, email, etc.
• Exploitation: Execute infiltration, exploit vulnerabilities
• Installation: Install malware
• Command & Control: The “spy” receives information and may control the device
• Actions on Objectives: Exfiltration, theft, ransom, etc.
Pegasus was stopped here ✗ (at Delivery in Mansoor’s case: the SMS link was never clicked)
How Skycure Interrupts the Kill Chain
• Reconnaissance: Study the hacker – gather intelligence on them
• Weaponization: Protect against disclosed and undisclosed vulnerabilities
• Delivery: Protect unsuspecting users (e.g. SMS/MMS like Stagefright)
• Exploitation: Static & dynamic analysis, system integrity checks
• Installation: Block installation, detonate in a safe environment
• Command & Control: Active Honeypot patent – who is the device talking to?
• Exfiltration: Block critical enterprise resources, recognize attackers when they use what they stole
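The Command & Control question above (“who is the device talking to?”) and the stealth slide’s throttled, idle-time operation suggest one defensive heuristic: a spyware agent that keeps its traffic small and works while the owner is inactive tends to show up as small, regularly spaced connections to a single destination at hours when the user is not active. The script below, an added example and not Skycure’s detection logic, runs that heuristic over a constructed per-device connection log. The log format (`timestamp device destination bytes`), the hostnames, the idle window and the thresholds are all assumptions; the deck gives no such values.

```python
"""Low-and-slow beacon heuristic over per-device connection logs.

Added example, not Skycure's code. Assumptions (not from the deck): log
lines are "<ISO timestamp> <device> <destination> <bytes>"; a beacon is a
stream of at least five small connections with near-constant spacing,
mostly inside an idle window (00:00-06:00 here). All hosts are placeholders.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: one periodic low-volume stream at 02:00-02:50 and
# ordinary daytime mail/CDN traffic for comparison.
SAMPLE_LOG = """\
2016-08-20T02:00:03 exec-ipad-01 c2-placeholder.example 412
2016-08-20T02:10:01 exec-ipad-01 c2-placeholder.example 398
2016-08-20T02:20:05 exec-ipad-01 c2-placeholder.example 405
2016-08-20T02:30:02 exec-ipad-01 c2-placeholder.example 420
2016-08-20T02:40:04 exec-ipad-01 c2-placeholder.example 401
2016-08-20T02:50:03 exec-ipad-01 c2-placeholder.example 415
2016-08-20T09:12:44 exec-ipad-01 mail.example.com 183220
2016-08-20T09:13:10 exec-ipad-01 mail.example.com 5021
2016-08-20T11:47:02 exec-ipad-01 mail.example.com 77310
2016-08-20T13:02:51 exec-ipad-01 cdn.example.net 950112
2016-08-20T03:15:00 sales-iphone-07 mail.example.com 220144
2016-08-20T03:16:30 sales-iphone-07 mail.example.com 4400
"""


def parse_log(text):
    """Group (timestamp, bytes) samples by (device, destination)."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, device, dst, size = line.split()
        events[(device, dst)].append((datetime.fromisoformat(ts), int(size)))
    return events


def beacon_score(samples, idle_start=0, idle_end=6):
    """Describe one (device, destination) stream: jitter of the spacing
    between connections (0 = perfectly periodic), average bytes per
    connection and the share of connections inside the idle window.
    Returns None when there are too few connections to judge periodicity."""
    if len(samples) < 5:
        return None
    samples = sorted(samples)
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(samples, samples[1:])]
    avg_gap = mean(gaps)
    jitter = pstdev(gaps) / avg_gap if avg_gap > 0 else 0.0
    idle = sum(1 for ts, _ in samples if idle_start <= ts.hour < idle_end)
    return {
        "connections": len(samples),
        "avg_gap_s": avg_gap,
        "jitter": jitter,
        "avg_bytes": mean([size for _, size in samples]),
        "idle_share": idle / len(samples),
    }


def find_beacons(events, max_jitter=0.1, max_bytes=2048, min_idle_share=0.8):
    """Flag streams that are periodic, small and concentrated in idle hours.
    Thresholds are assumptions to tune against a real baseline."""
    hits = []
    for (device, dst), samples in sorted(events.items()):
        score = beacon_score(samples)
        if score is None:
            continue
        if (score["jitter"] <= max_jitter and score["avg_bytes"] <= max_bytes
                and score["idle_share"] >= min_idle_share):
            hits.append({"device": device, "destination": dst, **score})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{hit['device']} -> {hit['destination']}: {hit['connections']} connections "
              f"every {hit['avg_gap_s']:.0f}s (jitter {hit['jitter']:.3f}), "
              f"{hit['avg_bytes']:.0f} bytes avg, {hit['idle_share']:.0%} in idle window")
```

Regularity is measured as the coefficient of variation of the inter-connection gaps, so the check is independent of the chosen beacon interval; a throttled agent that randomizes its timing or rides on top of user activity would need a different signal, which is the limitation the stealth slide is describing.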
Skycure Detections
(Screenshot slide; the detection entries appear only as xxxxxxxx placeholders.)
What to do now
1. Install Skycure – it’s free
2. Contact Skycure (Email: pegasus@skycure.com, Call: 1-800-650-4821)
3. If Pegasus is found: TURN THE PHONE OFF
The Rest of the Story
• Announcement about Pegasus after the Apple patches (August 25, 2016)
• Security companies add Pegasus detection
- Skycure already detected Pegasus (just added the name)
• NSO is not out of business (nor are others)
• Other exploits are out there – and more will come
• Can you afford to wait until the next announcement?
• There are no guarantees, but you can reduce your risk
Request a free Pegasus assessment: get.skycure.com/pegasus-spyware-assessment
Q&A
